Issue connecting to AD FS configuration database

Question

I just installed the AD FS role on my DC using the Windows Internal Database. All seemed to be fine after I set everything up, however, once I restarted my DC, when attempting to load the AD FS manager, I get the error:

An error occurred during an attempt to access the AD FS configuration database: Error message: ADMIN0017: An exception occurred while connecting to the configuration service. The configuration service URL 'net.tcp://localhost:1500/policy' may be incorrect or the AD FS 2.0 Windows Service is not running.

When checking the services, I notice the AD FS service is in fact stopped. When attempting to start this manually, I get the error:

Windows could not start the Active Directory Federation Services service on Local Computer. Error 1064: An exception occurred in the service when handling the control request.

I'm not entirely sure what to do here. I've been reading it may have to do with the service account used to run the service, but I've made sure the account is in good order (unlocked, correct password, etc.). I've also read you have to explicitly add this service account to the list of accounts allowed to log on as a service in the relevant GPO, which I have.

Any help is greatly appreciated.

Check that the Windows Internal Database service is also running — Aaron, Oct 24 '17 at 03:22
Try restarting windows internal database service. (I had to start windows firewall service- not sure if this is needed here to bring up the ADFS services) — mavis, May 29 '19 at 05:10
Don't know exactly what happens, our AD FS service stopped working during weekend, and have to start `Windows Internal Database service` then start AD FS service which works. — Paul L, Mar 02 '20 at 22:01

score 1 · Answer 1 · answered Oct 22 '15 at 21:33

I got exactly the same error after we done the migration of the ADFS VM through VMware SRM to another data-center. the environment is Windows 2012 R2 ADFS 3.0

things I have checked from the ADFS server and it worked for me

Check the Windows firewall is "turned off" for "Domain Network"
Check the connectivity (by ping AD IP or name) to the AD servers (this is crucial for the ADFS to work) also check the site replication between the AD servers if you have multiple AD servers (for the DNS gets the computer name update)
Go to services console double click "Windows Internal Database" Services remove the ADFS services account password and reenter the password again and start the service.
Follow Step 3 for the "Active Directory Federation Services" also.

Once both the services are on the ADFS will work.

For further troubleshooting you have to check the ADFS event log from the event viewer.

I hope this helps to resolve your problems. if you find any other method for your scenario please update.

Thanks for your help! I ended up going in another direction, but I do appreciate it. — Michael H, Oct 28 '15 at 18:20

score 0 · Answer 2 · answered Dec 17 '19 at 17:37

0

Your ADFS service is likely lacking some permissions. Adding to local administrators may resolve this issue, however there is likely a lower permission that would work.

answered Dec 17 '19 at 17:37

Tspinning

1

Issue connecting to AD FS configuration database

2 Answers2